AUTHENTICATED FILE LOADER

Field of the Invention 

[0001] This invention relates to embedded systems and more particularly to 
techniques for providing digital data to an embedded system in a secure manner. 

Background 

[0002] Embedded systems occasionally require that files be uploaded for 
operations such as configuration, data or firmware updates. In such systems there 
is usually a need to ensure that the digital file or update arrives intact at the 
intended embedded system. Otherwise, there is a potential security weakness. 

[0003] One example of the known prior art relies on traditional methods of 
integrity and authentication. For example, an operator might authenticate 
himself or herself before being granted access to a console. The file is then 
uploaded, possibly with a checksum or a cyclic redundancy check (CRC) as an 
integrity check. It is then the operator's responsibility to ensure that the file 
is applicable in the context of the application. 

[0004] Prior art also exists wherein a software security package provides a digital 
signature for software code (executables, Java, applets, etc.). One such system is 
described in published PCT Application WO 99/56196, published November 4, 1999, 
in the name of Shostack, wherein a client-server based system automatically 
provides updates of information files or software enhancements to end users. 
Digital signatures or other cryptographic techniques are used to provide integrity 
and authenticity of the software enhancements. As an enhancement becomes 
available, a push mechanism on the server takes the enhancement in real time and 
sends it to clients via electronic mail. An installer mechanism on the client 
performs authenticity checks before installing the received enhancements. These 
authenticity checks include a file name match and a digital signature verification. 
The introduction of digital signature generation and verification establishes an 
algorithm appropriate for applications requiring a digital rather than written 
signature. A digital signature is typically a large number represented in a computer 
as a string of binary digits. This algorithm provides the capability to generate and 
verify signatures. Signature generation makes use of a private key to generate a 
digital signature. Signature verification makes use of a public key that corresponds 
to, but is not the same as, the private key. Each user possesses a private and public 
key pair. Public keys are assumed to be known to the public in general; private 
keys are never shared. Anyone can verify the signature of a user by employing 
that user's public key. Signature generation can be performed only by the 
possessor of the user's private key. The problem with the known prior art 
solutions is that the end user or embedded system has no knowledge of the 
appropriateness of the uploaded file within its context. For example, a 
configuration file may be uploaded to the wrong device or to one with an old code 
revision that cannot parse the file. Additionally, the file must be adequately 
safeguarded against an attacker intent on deceiving the system. It is well known that 
hackers have numerous techniques of gaining unwanted access to computer 
systems. 


Summary of the Invention 

[0005] The present invention is an advance on the prior art in that it provides the 
notion of a target header as part of the software file to be installed. More 
particularly, the target header defines the end environment. Therefore, according 
to the present solution an additional header is combined with the digital data file 
wherein the header has at least one critical extension. The extension is at least a 
target state and may also include a digital signature. 

[0006] Therefore, in accordance with a first aspect of the present invention there is 
provided a method of providing digital data from a source system to an embedded 
system in a secure manner, comprising the steps of: combining the data with 
header information including a target identifier corresponding to the embedded 
system; providing the combined digital data with header information to the 
embedded system; and verifying the target identifier before the embedded system 
is enabled to load the digital data. 

[0007] In accordance with a second aspect of the present invention there is 
provided a method of providing digital data from a source system to an embedded 
system in a secure manner, comprising the steps of: combining the data with 
header information including a target identifier corresponding to the embedded 
system; signing the combined digital data with header information with a digital 
signature corresponding to the source system, the digital signature being added to 
the header information; providing the combined digital data with header 
information to the embedded system; and verifying the digital signature and the 
target identifier before the embedded system is enabled to load the digital data. 

In this aspect of the invention the source system generates a digital signature using 
the issuer's private key and the embedded system verifies the digital signature 
using the issuer's public key. 

[0008] In accordance with a further aspect of the present invention there is 
provided an embedded system that uses a target state header to validate uploaded 
files, the system comprising: means to combine the files to be uploaded with the 
target state header; means to provide the files with the target state header to the 
embedded system; and verifying means to verify the target state header before the 
files are uploaded to the embedded system. 

Brief Description of the Drawings 
[0009] The invention will now be described in greater detail with reference to the 
attached drawings where: 

[0010] Figure 1 is a high level diagram of a system according to the present 
invention; 

[0011] Figure 2 is a flow diagram of the transfer of data from a source to an 
embedded system according to a first aspect of the invention; 

[0012] Figure 3 is a flow diagram of data flow from a source to an embedded 
system according to a second embodiment of the invention; and 

[0013] Figure 4 represents a digital file with attached headers. 

Detailed Description of the Invention 

[0014] According to one embodiment of the present invention target state 
information is added to digital data or an application file to be transferred from a 
source to an embedded system. The target state information includes identification 
information of the embedded system or systems for which the file is intended, e.g. 
a list of appropriate targets and/or revision levels. For example, a password file 
might have a list of eight product numbers, each with a software revision number. 
Another example of the identifier is an IP address assigned to a user by an Internet 
service provider or a text name/password corresponding to the end user of an 
Internet based service. 

[0015] In a second embodiment of the invention a further authentication measure is 
implemented wherein the entire file, including information in the header, is 
digitally signed using the issuer's private key, such as a FIPS 186 signing key. 
FIPS 186 specifies the algorithm for digital signature generation and verification. 
When a message is received the recipient may desire to verify that the message has 
not been altered in transit. Furthermore, the recipient may wish to be certain of the 
original user's identity. Both of these services can be provided by the digital 
signature algorithm (DSA). A digital signature is an electronic analogue of a 
written signature in that the digital signature can be used in proving to the 
recipient or a third party that the message was in fact signed by the originator. 
Digital signatures may also be generated for stored data so that the integrity of the 
data and programs may be verified at a later time. According to the present 
invention the target, upon receipt of the message, verifies the target information and 
the digital signature, and only accepts uploads that have been properly authorized 
and which have header information that matches the target state. 

[0016] Figure 1 is a high level diagram of an exemplary system according to the 
invention. Source 12 downloads a file or other digital data to embedded system 14 
through network 16. It is important in this implementation that the file or digital 
data downloaded by source 12 reaches the intended embedded system. Since the 
network can be accessed by other outside sources it is always possible for such an 
outside source to gain access to the embedded system using various hacker 
techniques. 


[0017] To overcome this problem the digital data or file which is to be downloaded 
from source 12 is combined with a header generated by header generator 18. In 
one embodiment of the invention the header generator generates target state 
information as identified above. The header generator may also generate digital 
signature information that is also combined with the file or digital data as a second 
header appendage. 



[0018] At the embedded system a header verifier 20 ensures that the target state 
information in the header corresponds to target information relating to the 
embedded system. In a second embodiment verifier 20 also ensures that the digital 
signature verifies against the issuer's public key held by the target system. 

[0019] Figure 2 is a flow diagram illustrating the flow of digital data from a source 
to an embedded system in which target state header information is combined with 
the digital data. As indicated, if the target state is not verified at the embedded 
system end the data is not uploaded to the embedded system. 

[0020] Figure 3 is a flow diagram illustrating the second embodiment of the 
invention in which a digital signature header is also added to the digital data. At 
the embedded system the target state header is first verified and if it corresponds 
to target information stored in the embedded system then the digital signature is 
verified. If both the target state header and the digital signature are verified then 
the digital data is enabled on the embedded system. Otherwise, the digital data or 
file is not uploaded. 

[0021] Figure 4 is a representation of the data file together with the appended 
headers and in particular the target state and the digital signature headers. As 
discussed previously it is not essential that both these headers are attached to the 
file as it may be sufficient in certain applications to include only the target state 
information. 
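The two embodiments above, the target-state check of Figure 2 and the combined target-state and signature check of Figure 3 over the file layout of Figure 4, as an added worked example in Go. This is editorial example code, not code from the patent or from any product it describes. The byte layout (a `TSH1` marker, a count of product/revision pairs, a length-prefixed payload, then a length-prefixed signature), the product numbers 1001 to 1003, and the rule that the header revision is the minimum revision a device must have are all assumptions made for this example; ECDSA over P-256 with SHA-256 stands in for the FIPS 186 DSA key the patent mentions, and the issuer's public key is assumed to be already installed in the device.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Target is one target-state entry: a product number and a software revision. The
// device describes itself with the same struct. Reading the header revision as a
// minimum is an assumption; the patent only says each product carries a revision.
type Target struct {
	Product  uint32
	Revision uint32
}

var ErrFormat = errors.New("malformed file")
var ErrTarget = errors.New("target state does not match this device")
var ErrSignature = errors.New("digital signature verification failed")

const magic = "TSH1" // constructed header marker, not from the patent

// NewIssuerKey makes the issuer's signing key; ECDSA P-256 stands in for FIPS 186 DSA.
func NewIssuerKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// Build lays the file out as in Figure 4: target-state header, payload, then a
// signature header. The signature covers everything before it ([0015]).
func Build(targets []Target, payload []byte, priv *ecdsa.PrivateKey) ([]byte, error) {
	var buf bytes.Buffer
	buf.WriteString(magic)
	binary.Write(&buf, binary.BigEndian, uint16(len(targets)))
	for _, t := range targets {
		binary.Write(&buf, binary.BigEndian, t)
	}
	binary.Write(&buf, binary.BigEndian, uint32(len(payload)))
	buf.Write(payload)
	digest := sha256.Sum256(buf.Bytes())
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		return nil, err
	}
	binary.Write(&buf, binary.BigEndian, uint16(len(sig)))
	buf.Write(sig)
	return buf.Bytes(), nil
}

// Verify follows the Figure 3 order: target state first, then the signature.
// The payload is handed back only when both checks pass.
func Verify(file []byte, self Target, pub *ecdsa.PublicKey) ([]byte, error) {
	r := bytes.NewReader(file)
	read := func(v interface{}) bool { return binary.Read(r, binary.BigEndian, v) == nil }
	hdr := make([]byte, len(magic))
	var n uint16
	if !read(hdr) || string(hdr) != magic || !read(&n) {
		return nil, ErrFormat
	}
	matched := false
	for i := 0; i < int(n); i++ {
		var t Target
		if !read(&t) {
			return nil, ErrFormat
		}
		matched = matched || (t.Product == self.Product && self.Revision >= t.Revision)
	}
	if !matched {
		return nil, ErrTarget
	}
	var plen uint32
	if !read(&plen) || uint64(plen) > uint64(r.Len()) {
		return nil, ErrFormat
	}
	payload := make([]byte, plen)
	read(payload)
	signedLen := len(file) - r.Len() // header + payload: the signed region
	var slen uint16
	if !read(&slen) || int(slen) != r.Len() {
		return nil, ErrFormat
	}
	sig := make([]byte, slen)
	read(sig)
	digest := sha256.Sum256(file[:signedLen])
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return nil, ErrSignature
	}
	return payload, nil
}

func main() {
	priv, _ := NewIssuerKey()
	// Constructed target list: two product numbers, each with a revision level.
	file, _ := Build([]Target{{1001, 3}, {1002, 5}}, []byte("constructed config"), priv)
	for _, dev := range []Target{{1001, 3}, {1001, 2}, {1003, 3}} {
		_, err := Verify(file, dev, &priv.PublicKey)
		fmt.Printf("device %+v: %v\n", dev, err)
	}
}
```

Running the program reports no error for device {1001 3} and the target-state error for {1001 2} and {1003 3}, the latter two rejected before any signature work is done. That early rejection, the order Figure 3 prescribes, is only a cheap filter on bytes that have not yet been authenticated; the decision to load still rests on the signature, and because the signature covers the target-state header, a signed file whose header is relabelled for another product fails at the signature step rather than being accepted by the new target. Used on its own, as in Figure 2, the target-state header guards against a file reaching the wrong device but not against an attacker who can write the header, which is why the signed form is the one to deploy when, as in [0016], outsiders can reach the network. The loop keeps parsing after a match so that the read position stays correct for the fields that follow.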

[0022] The present invention is intended to thwart security attacks that might 
target files destined for specific embedded systems. Additionally, the solution 
provided by the invention assures that files are only uploaded into appropriate 
targets. Prior art solutions do not combine these two security measures. 
[0023] It is contemplated that this authentication system be used on the Internet for 
conducting a variety of transactions such as the purchase and download of new 
software or online banking. Another application is the installation of software 
revisions in network nodes or wireless phones. Security is an ongoing concern and 
the present invention represents a stronger solution for effecting secure transfer of 
digital data than previously known. 

[0024] Although particular embodiments of the invention have been described and 
illustrated, it would be apparent to one skilled in the art that numerous 
modifications can be made to the basic concept. It is to be understood, however, 
that such modifications will fall within the full scope of the invention as defined by 
the appended claims. 